<?php
session_start();


$newpassword = $_POST["newpassword"];
$oldpassword = $_POST["oldpassword"];

$col=':';
$dbuser=$_SESSION['dbuser'];
$dbpass=$_SESSION['dbpass'];
$dbport=$_SESSION['dbport'];
$dbhost=$_SESSION['dbhost'];
$dbname=$_SESSION['dbname'];
$showusname=$_SESSION['showusname'];
$showhtname=$_SESSION['showhtname'];

if ($dbhost=="localhost") {
   $dbhost = "127.0.0.1";
   } 

$dbhostport = $dbhost . $col . $dbport ; 

$con = mysql_connect($dbhostport, $dbuser, $dbpass);
if (!$con)
    {
      $error=mysql_error();
      $_SESSION['error'] = $error;
      
      Header("Location: error.php");
    }
  
mysql_select_db($dbname, $con);


if (!isset($_POST['submit_change_password'])) 
{
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><HEAD><META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<TITLE>Sam-My - Securich GUI tool - User Accounts</TITLE>

	<STYLE type="text/css" media="all">
	
	body {
		background: #f70;
		font: 0.8em arial, helvetica, sans-serif;
		margin: 0;
		padding: 0;
		height:100%;
        padding-bottom:35px;   /* Height of the footer */
	}
	
	#footer {
        position: absolute;
 	    bottom: 40px;
	    width:100%;
	    height:15px;   /* Height of the footer */
	    color: #fff;
    }
    
	#header {
		background-color: white;
	}
	
    #header ul {
		list-style: none;
		padding: 0;
		margin: 0;
		background: white;
		float: left;
		width: 100%;
		#border-bottom: 0.5em solid #FF5E00; /* orange under the menu*/
    }
    
	#header li {
		float: left;
		margin: 0 1em 0 0;
    }
    
	#header a {
		text-decoration: none;
		display: block;
		width: 6em;
		padding: 0 0.5em;
		font-weight: bold;
		color: black;
		border-bottom: 0.5em solid #fc6;
		color: #fc6;
    }
	
	#header a:hover {
		color: #fa3;
		border-color: #fa3;
	}
	
	#header #selected a {
		color: #f80;
		border-color: #f80;
	}
	
	#content {
        position:absolute;
        top: 85px;
        left:60px;
		clear: both;
		color: white;
		padding: 1em;
	}
	
	#content p {
		margin: 0 0 1em 0;
	}
	
	h1 {
		margin: 0;
		padding: 0.5em 0 1em 0.5em;
		color: #f80;
		font-size: 1.5em;
		font-style: italic;
	}

	</STYLE>
	
</HEAD>
<BODY>

<DIV id="header">

<H1>Sam-My - The GUI frontend for Securich, the security plugin for MySQL</H1>

<UL>
	<LI><A href="welcome.php">Home</A></LI>
	<LI id="selected"><A href="accounts.php">Accounts</A></LI>
	<LI><A href="grant_revoke.php">Privileges</A></LI>
	<LI><A href="configure.php">Config</A></LI>
	<LI><A href="securich.php">Securich</A></LI>
	<LI><A href="help.php">Help</A></LI>
	<LI><A href="logout.php">Log Out</A></LI>
</UL>
</DIV>

<DIV id="content">
<table>  
  <tr>
    <td colspan="3">
      <br><br><br><b>Password Change:</b><br><br>
    </td>
  </tr>
  <tr>
    <td width="10px"></td>
    <td></td>
    <td>

  
      <div id='changepassword' />
      <form method='post' action='<?php echo $PHP_SELF;?>'>
      <div>
        <?
        echo "Username: " . $showusname . "<br>";
        echo "Hostname: " . $showhtname . "<br>";
        echo "Old Password: <input type='password' id='multiple03' size='25' name='oldpassword'/><br>";
        echo "New Password: <input type='password' id='multiple03' size='25' name='newpassword'/><br>";
        ?>
        <input type='submit' value='Change' name='submit_change_password'>
      </div>
      </form>
      </div>
  
<?

 } else 
    {
        
      $mysqli = mysqli_init();
      $mysqli->real_connect($dbhost, $dbuser, $dbpass, $dbname, $dbport);
  
      if (mysqli_connect_errno())
      { 
        $error=mysql_error();
        $_SESSION['error'] = $error;
      
        Header("Location: error.php");
      }
    
      else
      {
         $str_query = "call securich.set_password('" . $showusname . "','" . $showhtname . "','" . $oldpassword . "','" . $newpassword . "');";
         
         if($mysqli->multi_query ($str_query))
         { 
           Header("Location: set_password_successful.php");
         }
         else
         {
           $error=mysql_error();
           $_SESSION['error'] = $error;

           Header("Location: error.php");
         }
      }
    }
    ?>

    <br>
    </td>    
  </tr><br><br>
</table>
</DIV>
 
   <DIV id="footer" align="left">
   <table>
     <tr>
       <td width="23px">&nbsp;</td>
       <td>
         Copyright &copy; Darren Cassar a.k.a. preacher<br />
         Developed by Darren Cassar <?php echo date("Y"); ?> - GPLv2
       </td>
     </tr>
   </table>
   </DIV>

</BODY></HTML>
